SUSE Linux Enterprise Server 11 SP4 Security and Hardening Guide


Publication Date: September 24, 2021

SUSE LLC
1800 South Novell Place
Provo, UT 84606
USA
https://documentation.suse.com

Copyright © 2006–2021 SUSE LLC and contributors. All rights reserved.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”.

For SUSE trademarks, see http://www.suse.com/company/legal/ . All other third party trademarks are the property of their respective owners. A trademark symbol (®, ™ etc.) denotes a SUSE or Novell trademark; an asterisk (*) denotes a third party trademark.

All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.
Contents

About This Guide
  1 Assumptions and Scope
  2 Available Documentation
  3 Feedback
  4 Documentation Conventions

I SUSE LINUX ENTERPRISE SERVER AND COMMON CRITERIA

1 Overview and Rationale
  1.1 Common Criteria and this document
  1.2 Generic Guiding Principles

II GENERAL SYSTEM SECURITY AND SERVICE PROTECTION METHODS

2 Introduction

3 Linux Security in “General”
  3.1 Physical Security
      System locks
  3.2 Locking down the BIOS
  3.3 Security via the Boot Loaders
  3.4 Verifying Security Action with seccheck
      Seccheck Configuration
  3.5 Retiring Linux Servers with Sensitive Data
  3.6 Backups
  3.7 Disk Partitions
  3.8 Firewall (iptables)
  3.9 Security Features in the Kernel
      Enable TCP SYN Cookie Protection (default in SUSE Linux Enterprise Server 11)
      Disable IP Source Routing (default in SUSE Linux Enterprise Server 11)
      Disable ICMP Redirect Acceptance
      Enable IP Spoofing Protection (default in SUSE Linux Enterprise Server 11)
      Enable Ignoring to ICMP Requests
      Enable Ignoring Broadcasts Request (default in SUSE Linux Enterprise Server 11)
      Enable Bad Error Message Protection (default in SUSE Linux Enterprise Server 11)
      Enable Logging of Spoofed Packets, Source Routed Packets, Redirect Packets
      Virtual Address Space Randomization
  3.10 AppArmor
  3.11 SELinux
  3.12 FTP, telnet, and rlogin (rsh)
  3.13 Removing Unnecessary Software Packages (RPMs)
  3.14 Patching Linux Systems
      YaST Online Update
      Automatic Online Update
      Subscription Management Tool - SMT
  3.15 Securing the Network - Open Network Ports Detection
  3.16 Disabling Runlevel Services
  3.17 xinetd Services - Disabling
      Inventory xinetd services
  3.18 Reviewing Inittab and Boot Scripts
  3.19 Restricting System Access from Servers and Networks
  3.20 Securing SSH
  3.21 Securing Postfix
  3.22 Filesystems: Securing NFS
      Enabling and Starting NFS Server
      Exporting NFS File Systems
      Using NFS over TCP
  3.23 Copying Files Using SSH Without Providing Login Prompts
  3.24 Checking File Permissions and Ownership
  3.25 Default umask
  3.26 SUID/SGID Files
  3.27 World-Writable Files
  3.28 Orphaned or Unowned Files
  3.29 Various Account Checks
      Unlocked Accounts
      Unused Accounts
  3.30 Single User Mode Password for root
  3.31 Enabling Password Aging
  3.32 Stronger Password Enforcement
  3.33 Leveraging an Effective pam-stack
      Password Strength
      Restricting Use of Previous Passwords
      Locking User Accounts After Too Many Login Failures
  3.34 Preventing Accidental Denial of Service
      Example for Restricting System Resources
  3.35 Displaying Login Banners
  3.36 Miscellaneous
      Host-Based Linux Monitoring and Intrusion Detection
      Connect Accounting Utilities
      Other

About This Guide

The SUSE Linux Enterprise Server Security and Hardening Guide deals with the particulars of installation and set up of a secure SUSE Linux Enterprise Server server and additional post-install processes required to further secure and harden that installation. Security and hardening elements and procedures are best applied to a server both during installation and post-installation and aim to improve the fitness of the system for the purposes demanded by its administrator.

The understanding of this guide is to support the administrator with the security related choices and decisions that the administrator will have to make. The individual steps and procedures are to be seen as a proposal, not as something that ultimately needs to be done. In many cases, this guide will even force the reader to discuss the usefulness towards the objectives that the measures may provide - or not.

Obviously, the objective is to improve the security value of the system.
Definitions about the meaning of the term security vary, but we want to settle on one that is simple, abstract and therefore possibly true for most IT solutions:

A good system does what it is expected to do, and it does it well.
A secure system is a good system that does nothing else.

The part with “nothing else” is certainly within the focus of this guide. The Linux system is architected in such a way that security policies are enforced. These policies are (fairly generic and incomplete list):

  • DAC - Discretionary Access Control: File and directory permissions as we know them: chmod, chown
  • privileged ports: TCP and UDP ports 0-1023 as well as raw sockets are only available to the super user
  • other privileged operations: The loading of kernel modules, configuration of network interfaces, exclusively all security relevant settings of the Linux kernel, are operations that can only be done by the root user, i.e. the user with the numeric user ID 0.

Attacking a system means to attempt to overcome (e.g. circumvent or break) these privilege boundaries in a way that the administrator of the system or the programmer of the corresponding subsystem has not taken into account.

A “hardened” system raises the bar for the attacker to make the system do what “he” wants by reducing the area that the system exposes to the attacker (often called attack surface), and by mitigating the risk that exists for the system if a part of it fails to handle untrusted input safely, thereby allowing actions within the context of this part of the system that were not intended by the programmer.

Security is about decisions, and whenever security is in (apparent) opposition to function, these decisions become trade-offs. While it can be argued that all systems should be set up to be as secure as possible, some levels of security and hardening may very well be overkill in some cases.
Each system's operational environment has its own security requirements derived from business drivers or regulatory compliance mandates (e.g. SOX, HIPAA, PCIDSS, etc.) and an effective business requirements analysis should be performed in order to determine the right level of security and hardening to be applied to a server or defined as part of a baseline server build.

As a final note before we begin: You may encounter individual requirements in regulatory compliance frameworks that may not make sense from a technical perspective, or that do not serve the purpose of improving security. It may be a productive attitude to simply implement what is required, but whenever there is a contradiction to security, an informed discussion in the documentation serves the overall purpose of your regulatory compliance framework much more than blindly obeying the specifications. Please feel encouraged to dispute list items that you think are counterproductive.

1 Assumptions and Scope

While in most cases in this document reference will be made to a single server target or host, the scope can generally be applied to more than one machine. We generally assume that the security target can cover one or more systems running SUSE Linux Enterprise Server. We explicitly do not make any assumptions about the hostility of the network that the systems are connected to, or the cooperative nature of the users that leverage the services provided by the systems.

In turn, this means that you partially define your context on your own when reading through this document. You will need to broaden the meaning of individual portions to adapt them to your environment. In some cases, such as the use case of a server that is exposed to the Internet, this document may even be insufficient or incomplete; however, it may still serve as a good starting point on your journey towards an increased level of confidence that your system will behave like you want it to.
About trust: Trust relationships exist among all systems that participate in networked transactions. Basically, the trust relationship between the persons that use the systems is transported across these systems. The chain that is formed by your trust relationships is only as strong as the weakest link. If we further assume that not all your problems are between keyboards and chairs, then it is up to the designer of the network of systems to safeguard the trust relationships. It is good practice to graphically visualize the trust relationships with the services in a schematic overview or map of your network. Generally, it is up to the owner of a resource to enforce the policies imposed on that resource; this would usually be the server that provides the resource.